Patched the security vulnerability to prevent attackers from being able to steal additional access tokens.

Invalidated the access tokens for the accounts of the 50 million people who were affected – causing them to be logged out.

Took the View As feature down to fully investigate the issue.

Facebook’s ‘View As’ feature is a privacy tool to let you see how your own profile would look to other people.

Logged out everyone who used the View As feature since the vulnerability was introduced. This will require another 40 million people or more to log back into their accounts.

Facebook faces constant attacks from hackers who want to take over accounts or steal information around the world.

In the recent years, the social media network is facing scrutiny over how it handles the private information of its users.

Technical Details of Breach

Here are some additional technical details about the security issue, as provided by Pedro Canahuati, VP Engineering, Security and Privacy, Facebook.

View As should have been a view-only interface. However, for one type of composer (the box that let you post content to Facebook) — specifically the version that enables people to wish their friends happy birthday — View As incorrectly provided the opportunity to post a video.

A new version of Facebook video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.

When the video uploader appeared as part of View As, it generated the access token not for you as the viewer, but for the user that you were looking up.

It was the combination of these three bugs that became a vulnerability.

G Caffe is a branding platform. Here, we publish industry and business news as also stories on advertising, marketing, branding, lifestyle, sports and entertainment. G Caffe understands the importance of knowing and sharing with you how to get what you want.